Systems and algorithms for biometric authentication without a previously stored biometric template

ABSTRACT

A system and algorithms to authenticate a person where a system only has some standard personal text data about the person, and cannot have a real biometric template obtained using an enrollment procedure. The authentication allows access to restricted resources by the person. This method is especially useful when it is used as an auxiliary authentication service with other methods such as password or Callback that dramatically lower the chances for an imposter.

RELATED APPLICATIONS

This is a continuation of U.S. patent application Ser. No. 13/352,443,filed Jan. 18, 2012, which is a continuation of U.S. patent applicationSer. No. 11/216,022, filed Sep. 1, 2005, now U.S. Pat. No. 8,122,259,issued Feb. 21, 2012, which is hereby incorporated by reference in itsentirety for all purposes.

FIELD OF THE INVENTION

The present invention relates to Computer Telephony Integration (CTI);specifically, to systems and algorithms which need to Authenticate aperson before allowing him to use a certain device or gain access to arestricted area.

BACKGROUND OF THE INVENTION

In a variety of applications there is a need to authenticate theidentity of a user before he can use a certain service, or gain accessto a restricted data or a physical location. A common approach toaddress this need is by using computerized biometric verificationtechniques. According to this two steps approach, the first step isknown as “enrollment” where an identifiable and preferably unique set ofbiometric characteristics of a person are being extracted to generate a“template” aimed to function as a biometric signature of that person.The template is then being stored in a centralized data base. In thesecond step (usually at a distinct occasion and can be repeated for manytimes), the same biometric characteristics are being extracted togenerate yet another template which is compared to the first template.If there is a high degree of match between the parameters in the twotemplates beyond a certain threshold, the person is authenticated in thebiometrical sense. In the known art, there are variety of methods toimplement this approach which are based on different biometricalattributes (also known as modalities) such as human face, iris, voice,finger print, hand geometry and others. It is also possible to combineseveral of these modalities to create a multimodal solution e.g. usingboth face and finger print parameters.

While the biometric approach for authentication is gaining an increasingpopularity, there are some barriers for a massive use of it in manyapplications. Two of these barriers are:

-   -   1) The need for the “enrollment” step, where in this step the        user identity is needed to be determined by his/her physical        attendance at some specific location, where he/her can show an        identifier (e.g. an identity card). Then, one needs to go        through the enrollment process which can be a time consuming and        expensive process.    -   2) Storing user's biometric data in some organization's        centralized database generates a real privacy problem, and is        even currently illegal in some places. In addition, in some        cases it is prohibitive to use persistent data. An alternative        approach to central storing is to store the information on a        personal “smart card”, which is being kept within the user        possession. While this alternative reduces the extent privacy        problem it is cumbersome, not practical and too expensive for        many applications.

In many cases, biometric verification is often used only as acomplementary mean to other simpler authentication methods like the useof password. Many web sites use only password to assure that the personlogged in is indeed the legitimate person and not an imposer. It hasbeen demonstrated that adding a biometric check in addition to password,reduces abuses significantly.

SUMMARY OF THE INVENTION

The current invention discloses a new approach for authentication ofusers which are seeking to get access to restricted services, contentsor physical locations. It utilizes stateless biometric methods, which donot include the process of enrollment and storing the sensitivebiometric user data in a database or any other storing device(centralized or personalized). Instead, only standard (e.g. date ofbirth, address, gender, birthplace, social security number) are beingstored. When a person is asking for an access to the restrictedresource, biometric data of the person is being extracted “on the fly”as part of its interaction with the system. That biometric data iscompared to the actual subset of standard personal details that areknown about the person. According to this comparison, the system candetermine whether or not to exclude him/her from access to therestricted resource.

Some embodiments of the present invention depict classification of userattributes into groups. The group classification can be used as part ofthe authentication procedure by comparing the classification data to thepersonal details record or directly as a decision factor.

Some embodiments of the present invention depict an auto bill pay systemfor example via a phone. As part of the user authentication procedurehe/she is requested to provide one or several voice responses to anInteractive Voice Response (IVR) system. The voice of this person isbeing analyzed to biometrically extract and estimate attributes such asperson age, gender, ethnical origin, pronunciation, emotional state(e.g. what is the voice credibility level as analyzed by ones voice) andalcoholic blood level. Some attributes (e.g. gender, age, ethnicalorigin) may be compared against the personal details data record tocheck for a correspondence. Additionally, some of these attributes (e.g.age, emotional stage, and alcoholic blood level) can be used directly asa decision factor. For example, a young child or a person recognized bythe system to have high alcoholic blood level and/or low voicecredibility level may not be granted with an access to a restricted autobill pay system.

Optionally, the above embodiments may generate a biometric voicetemplate (or templates) for the attending user. But instead ofauthenticating the person by comparing the voice template to a prestored template (as commonly being done in the current art), thistemplate will be compared vis-à-vis to a “black list” of templatesrepresenting, for example, known criminals or those who are suspected topreviously be involved in improper usage of the system.

Some embodiments of the present invention may be assisted by other meansto raise its confidence level. For example, the system may initiate aphone call to a person (Call Back scenario), to significantly reduce theprobability for an imposer. It still may be the case that someone elseanswered the call, but that usually is done innocently, and the methodsdisclosed in this invention may recognize these latter cases with a highprobability.

Some embodiment of the present invention may use speech recognition on aspoken speech segment of the user. For example, the user might be askedto provide information items such as (but not limited to) birth date,social security number, maiden name of his mother. That speech segmentwill be sent to a speech recognition element to translate it to a datarecord and then to compare it to existing data record or records.

Some embodiment of the present invention may use the recorded speech asdigital signature to provide either directly or indirectly a recordedcopy of the transaction and/or a proof that a transaction was authorizedby the user.

Some embodiments of the present invention depict a system controllingaccess to restricted content, for example adult entertainment on theWorld Wide Web or TV. As part of the access control procedure, the useris requested to provide one or several voice responses to an InteractiveVoice Response (IVR) system. As in the previous embodiment, the voicesample or samples are analyzed to biometrically extract and estimateattributes, and used in a procedure similar to what have been described.For example, it can be used to block child access to adult entertainmentmaterial if the age value as recognized by his voice, is smaller than acertain threshold.

DETAILED DESCRIPTION OF THE INVENTION

In the following description, various aspects of the present inventionwill be described. For purposes of explanation, specific configurationsand details are set forth in order to provide a thorough understandingof the present invention. However, it will also be apparent to oneskilled in the art that the present invention may be practiced withoutthe specific details presented herein. Furthermore, well-known featuresmay be omitted or simplified in order not to obscure the presentinvention The present invention will be understood and appreciated morefully from the following detailed description taken in conjunction withthe drawings in which:

FIG. 1 depicts a general scheme of an authentication method according tosome embodiments of the present invention.

FIG. 2 depicts an auto bill pay system according to an embodiment of theof the present invention;

FIG. 3 depicts a content access control system according to anembodiment of the present invention;

FIG. 4A discloses an exemplary application in which a user is seekingaccess to a restricted content via a digital network. FIG. 4B disclosesan exemplary application in which a user is seeking access to arestricted content via a TV network;

It will be appreciated that for simplicity and clarity of illustration,elements shown in the figures have not necessarily been drawn to scale.For example, the dimensions of some of the elements may be exaggeratedrelative to other elements for clarity. Further, where consideredappropriate, reference numerals may be repeated among the figures toindicate corresponding or analogous elements.

Attention is made now to FIG. 1, which depicts a user (10) asking to getaccess to a restricted resource or resources (90). A computerized UserInterface Module—UIM (20) is used to interact with the user, givehim/her some instructions and information, prompting the user to provideits intended request, some of his/her personal details and otherinformation item including (but not limited to) authentication data likea password. The supplied user data can be tested vis-à-vis the personaldata record of the user, as stored in the system database.

One example of such a user interface module is known as IVR (InteractiveVoice Response) subsystem which is possibly part of the UIM—20. Otherconfigurations of UIM may be used as well. In addition and as part ofthis invention, the UIM receives a biometric sample or samples of theuser. This can be accomplished either by an explicit request from theuser to provide it, or implicitly as part of the user interactionprocess. The biometric sample or samples may include (but not limitedto) items like voice sample(s), person image(s) or video clips, keystroke pattern and finger print data.

A plurality of N (N>=1) biometric extraction modules (101-155) may thenbe used to extract corresponding biometric-based parameters from theuser's biometric samples. For example, a voice sample of a user can beused to extract parameters such as (but not limited to):

-   a) Age of the user.-   b) Gender-   c) Ethnical or geographical origin-   d) Pronunciation-   e) Emotional state of the user-   f) Credibility-   g) Level of Alcohol or other materials in the user's blood.

A typical outcome of each biometric extraction module is a probabilityfunction, which defines the estimated probability of the correspondingparameter to match to certain values or a set of ranges of values of theinvestigated biometric identifier. For example, a possible result of anAge extractor, investigating the age-identifier for a specific sample isgiven in the following table 1-1:

Group Age value 1 Age value 2 Probability 1 0 18 0.1 2 18 40 0.3 3 40 600.5 4 60 120 0.1

The column <Age value 1> defines the lowest value of each age group. Thecolumn <Age value 2> defines the lowest value of each age group which isabove the maximal age of that group. The probability column defines theestimated probability of the user's age to is belong to each group asgenerated by the biometric extraction module algorithm based on thesample.

Each biometric extraction module result, may be used as an input to aPersonal Data Authentication block (40 and/or to a User Qualificationblock (50)). For the purpose of a clear illustration of the interactionbetween the different modules in FIG. 1, it is shown in this figure thateach biometric extraction module is directed either to Personal DataAuthentication block (40) or to a User Qualification block (50). Modules(101, 102 . . . ) are used as an input to the first block and modules(150, 151 . . . ) to the latter. The reader should note that the outputof the same extractor module may serve as an input to both blocks. Inthis case, one may think on such a module as duplicated into two modulesone in the group of modules numbered as (101, 102 . . . ) and the otherreproduction in the group numbered as (150, 151 . . . ).

At the Personal Data Authentication block (40 ) a valuation process maybe commenced, based on the outputs of modules (100, 101 . . . ), for amatch between known user parameters which are given in a data recordsuch as the Personal Details Record (30) and results of the biometricextraction module(s). Preferably, as a result of this valuation process,a score vector is generated. Also according to preferred embodiments ofthis invention, the Personal Details Record (30) does not containbiometric template but rather just data items.

For example, if the actual user age appears in the Personal DetailsRecord (30), one possible valuation process is a comparison of this agevalue versus the output of a corresponding age biometric extractionmodule as shown in table 1-1. Other types of a valuation process and/orbiometric parameters may take place as well, and forms of result, otherthan a score vector is may be generated.

In addition, block (40) may contain a fusion module, in case where thisblock receives results from a plurality of biometric extraction modules(101, 102 . . . ). A fusion module preferably generates a single resultvector as a function of the input parameter space. There are many fusionmethods in the existing art which are known to the proficient reader.

At the User Qualification block (50) a valuation process may becommenced, based on the outputs of modules (150, 151 . . . ), forcomputing the qualification level that that particular user may be ableto access the restricted resource or resources (90). At this block thequalification level is not calculated based on a match with the user'Personal Details Record (30), but rather directly as a result of theextracted biometric parameters. Preferably, as a result of thisvaluation process, a score vector is generated. For example, an agevalue output of a corresponding age biometric extraction module may beused as a criterion for accessing a restricted resource involvingpayments and/or access to an adult entertainment material. For values asshown in table 1-1, the valuation process may give high qualificationscore to the age parameter since there is a high probability that theuser is over 18 years old. Another possible parameter is the estimationof the user alcoholic level in blood extracted out of his/here voicetract. High estimated blood alcohol level may generate a lowqualification score. The set of rules determining the qualificationvaluation process may reside in a predefined Qualification Rule database(70). Other types of a valuation process and/or biometric parameters maytake place as well, and forms of result, other than a score vector maybe generated.

In a similar manner to the above description for block (40), block (50)may also contain a fusion module, in case where this block receivesresults from a plurality of biometric extraction modules (151, 152 . . .).

In other embodiments, either the Personal Data Authentication block (40)or the User Qualification block (50) may be omitted, or being activatedeach only on a sub group of the users. It is also possible that the listof active modules (100, 101 . . . ) and/or modules (150, 151 . . . )will be determined per user or per a group of users.

Further according to a preferred embodiment of this invention. TheAccess Management block (70), receives the valuation results of blocks(40) and (50). Based on these results and possibly on the standardauthentication process as described in paragraph [017] above the user iseither being granted access to the restricted resources, denied accessto the resource, or being transferred to a human help desk foradditional examination(not shown in FIG. 1). The UIM (20) is used tohandle the interface with the user for these different cases.

FIG. 2 depicts a flow chart of a preferred embodiment of the currentinvention. In one case the user initiates the contact with the system(202), via the UIM (20) for an initial interaction with (204). Thesystem may initiate a “call back” or a “contact back” procedure. It iswell known from the state of the art in the field that call back is auseful way to limit attempts to steal the identity of valid users byimposters. In an alternative case, the system may initiate the contactwith the user at (202).A standard authentication process as described inparagraph [017] above, may be employed. As part of this procedure or asa separate process, the user provides a biometric sample or samples(208). Some examples of possible types of biometric sample(s) are user'svoice tract, image of the user face, iris, finger print, hand geometryand ultra sound image.

As the sample or samples are provided, the corresponding biometricparameter(s) are extracted (210). Following the parameter extractionsthe process of Personal Data Authentication (212) and/or UserQualification (214) are being performed in the described above manner.

Then, optionally a Data Fusion (216) process may take place in order togenerate a unified result or a score vector. In the cases where bothPersonal Data Authentication (212) and User Qualification (214) areactive, the Data Fusion (216) process may comprise two steps, wherefirst the outputs of (212) and (214) are fused separately and then aunified result or a score vector is generated out of the two fusedoutputs. As part of the fusion process, some cross section statisticalprocesses might be carried out. For example, a process might compare thebiometrically extracted ethnical origin of the user, to the ethnicaldistribution of the user residence location, according to a census, andgenerate a match score.

If the result of the above process provides a positive <authenticationand/or qualification> of the user, an access in granted (224) to therestricted resource or resources. Otherwise, the user is either rejectedor being transferred to a human operator in a helpdesk as shown in theFIG. 220). The human operator might be randomly selected out of the listof available operators, or selected according to some criteria. Forexample, operator having a previous experience with the specific user,or having the same age group and/or gender and/or ethnical origin as theuser, proximity of the geographic residence locations regarding the userand the operator or other criteria. The operator may pose fartherquestions to the user and decide (222) to either grant access to theuser (224) or deny the access (226) to the restricted resource orresources

FIG. 2 depicts an example of an application based on the currentinvention, a credit card or an auto bill payment system. In this exampleapplication, the user interacts with the system via a phone. AnInteractive Voice Response module—IVR (320) instantiates User InterfaceModule—UIM(20) of FIG. 1. The restricted resource in this case is acredit card payment (390) and the user (310) is a one wishing to performthis financial transaction. The Personal Details Record in this case, isthe record that the credit card firm maintains in its database for thatuser (330).

The mechanism for this application is similar to what have beendescribed in FIG. 1. An additional option which is shown here is theability of an operator on the help desk (360) to hold a voice initiatedvideo and/or data collaboration session with the user. According to thisscheme, first a voice conference is being held between the user and theoperator, which by a click on a phone button may initiate a full realtime collaboration session between the user, the operator and optionallyadditional parties. This mechanism is described in full by the U.S. Pat.No. 6,831,675, and later application Ser. No. 10/801,112.

FIG. 4A discloses yet another example of application based on thecurrent invention. In this example, the user is seeking access to aRestricted Content (490). Such content might be a pay per view, adultentertainment or any other type of restricted content in the form ofvideo, voice, images data or any combination of these forms. The user isinteracting with the system via a data terminal (415), a digital network(e.g. the internet), and a User Interface Module (420) which may haveseveral modes of operation, for example a web server communicating withuser via an HTTP protocol. One possible example of the usage ofbiometric extraction parameters in this case, is the extraction of theuser age and using this parameter as part of the User QualificationBlock to determine access rights to an adult entertainment material.

FIG. 4B discloses an application which is similar to that of FIG. 4A. inthis case a TV Set (470) is used as the interaction port for the user,and the TV network (472) in any form (analog, digital) as the connectioncarrying infrastructure between the user and the User Interface Module(420).

The phrase “Interactive Voice Response (IVR) session as used herein mayencompass an audio based call between a computer plugged into a phonesystem and a person who receive a phone call. A voice session mayinclude transmission of analog and/or digital data, and may enabletransfer of session data, audio data, and/or other relevant data. Thephrase “biometric” as used herein may encompass the act ofauthentication a person by one of his physical characteristics. Thephrase “data terminal” as used herein may encompass any output device,display system, processing unit, computing terminal, personal computer,network computer, mobile communications device that may be used forimplementing a voice and/or videoconference and/or data collaborationsession.

It will be appreciated by persons skilled in the art that the presentinvention is not limited by what has been particularly shown anddescribed hereinabove. Alternate embodiments are contemplated which fallwithin the scope of the invention.

What is claimed is:
 1. A method for authenticating a user comprising:receiving a biometric input from said user; extracting at least onebiometric-based parameter from said biometric input; comparing said atleast one biometric-based parameter to a corresponding biometric basedparameter of said user, wherein said corresponding biometric basedparameter is not based on a pre-stored biometric template, saidbiometric template is a biometric signature of said user; andauthenticating said user based on said comparison.
 2. The method ofclaim 1, wherein extracting said at least one biometric-based parameterresults in a probability function, said probability function to definethe estimated is probabilities of said biometric-based parameter tomatch a set of ranges of values.
 3. The method of claim 1, wherein saidbiometric input contains audio related data.
 4. The method of claim 1,wherein said biometric input contains image related data.
 5. The methodof claim 1, wherein said biometric input contains video related data. 6.A system for authenticating a user comprising: at least one dataterminal to receive biometric input of said user; at least oneextraction unit to extract at least one biometric-based parameter fromsaid biometric input; a storage unit to store at least one personal dataparameter of the user; at least one authentication unit to authenticatesaid user based on comparison of said at least one extractedbiometric-based parameter to a corresponding known user data parameterin said personal details record, wherein said known user parameter isnot based on a pre-stored biometric template, said biometric template isa biometric signature of said user; and an access control managementunit to control the access of said user to at least one restrictedresource based on the result of said authentication unit.
 7. The systemof claim 6, wherein extraction of said at least one biometric-basedparameter results in a probability function, said probability functionto define the estimated probability of said biometric-based parameter tomatch a set of ranges of values.
 8. The system of claim 6, wherein saidbiometric input contains audio related data.
 9. The system of claim 6,wherein said biometric input contains image related data.
 10. The systemof claim 6, wherein said biometric input contains video related data.